blindthoughts

Microsoft 365 Copilot 'SearchLeak' Flaw Enables 1-Click Enterprise Data Theft

Security researchers have disclosed a critical vulnerability chain in Microsoft 365 Copilot Enterprise, dubbed SearchLeak, that weaponizes Copilot's AI search capabilities to silently exfiltrate sensitive data from a victim's mailbox, OneDrive, or SharePoint — triggered by nothing more than a specially crafted URL.

The attack abuses how Copilot's retrieval pipeline interacts with Microsoft 365's data graph. An attacker lures a target into clicking a malicious link; Copilot then surfaces and exfiltrates private content without any additional user action. No malware, no macro, no code execution — just a URL that abuses permissions Copilot already holds.

Why This Is Serious

Microsoft 365 Copilot Enterprise is, by design, broadly permissioned. It reads everything the licensed user can see: email threads, Teams conversations, SharePoint sites, OneDrive files. SearchLeak turns that feature into an exfiltration primitive.

The delivery surface is wide. The crafted URL can arrive as a phishing email, a Teams message, a calendar invite, or a link embedded in a shared SharePoint document. Because Copilot queries data through Microsoft's own infrastructure, traditional endpoint controls and DLP policies may not flag or block the retrieval.

The risk is highest where Copilot licenses are concentrated: executives, legal, HR, and finance — exactly the users with access to merger documents, employment records, and litigation strategy. A single click from any of them can expose far more than a conventional credential-theft attack.

What to Do Now

1. Check for patches and advisories. Verify whether Microsoft has issued mitigations for your tenant. Monitor the Microsoft Security Response Center for a CVE or advisory tied to this research chain.

2. Audit Copilot license assignments. In the Microsoft 365 admin center, identify every user holding a Copilot Enterprise license. Apply least privilege: revoke licenses for users who do not actively need the feature, particularly until a confirmed fix is in place.

3. Remediate SharePoint and OneDrive oversharing. SearchLeak harvests whatever the victim account can access. Run a SharePoint access review now — identify "anyone with the link" permissions and broadly shared sites, and scope them down. The smaller the blast radius per account, the less an attacker can retrieve.

4. Brief your SOC on URL-based lure patterns. The initial vector is a URL, not an attachment. Update email security rules to flag external links containing Microsoft 365 or Copilot API path signatures, and make sure analysts know to treat unexpected Copilot-related links as high-suspicion phishing.

5. Enable and monitor Copilot audit logs. Microsoft 365 unified audit logs capture Copilot search activity. Look for anomalous query patterns — especially sessions that retrieve content across multiple data sources (mail, SharePoint, OneDrive) in rapid succession from an account that does not normally behave that way.
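The detection described in step 5 can be reduced to a small rule: for each account, look for a short window in which Copilot retrievals span several distinct data sources, and raise it only when that mix is outside the account's normal pattern. The script below is an added example, not code from the original post or from Microsoft. It runs over constructed sample records in an assumed, simplified record shape (user, timestamp, and the workload each retrieved item came from); the real unified audit log export has different field names, so map those onto this shape before using it.

```python
"""Flag Copilot audit sessions that touch several data sources in a short window.

Added example, not from the original post or from Microsoft. The record shape
(UserId, CreationTime, Source) is an assumed simplification of a unified audit
log export; the per-user "usual sources" baseline is also an assumption and in
practice would be built from weeks of the same user's history.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (not real audit data).
SAMPLE_RECORDS = [
    # alice: mail, SharePoint and OneDrive hit within ten seconds
    {"UserId": "alice@contoso.example", "CreationTime": "2024-06-01T09:00:05", "Source": "Exchange"},
    {"UserId": "alice@contoso.example", "CreationTime": "2024-06-01T09:00:09", "Source": "SharePoint"},
    {"UserId": "alice@contoso.example", "CreationTime": "2024-06-01T09:00:14", "Source": "OneDrive"},
    # bob: the same three sources, but spread across a working day
    {"UserId": "bob@contoso.example", "CreationTime": "2024-06-01T09:00:00", "Source": "Exchange"},
    {"UserId": "bob@contoso.example", "CreationTime": "2024-06-01T11:30:00", "Source": "SharePoint"},
    {"UserId": "bob@contoso.example", "CreationTime": "2024-06-01T15:45:00", "Source": "OneDrive"},
    # carol: a burst across all three, but that is her normal usage
    {"UserId": "carol@contoso.example", "CreationTime": "2024-06-01T10:00:00", "Source": "Exchange"},
    {"UserId": "carol@contoso.example", "CreationTime": "2024-06-01T10:00:20", "Source": "SharePoint"},
    {"UserId": "carol@contoso.example", "CreationTime": "2024-06-01T10:00:40", "Source": "OneDrive"},
]

# Constructed baseline: which sources each account normally queries through Copilot.
USUAL_SOURCES = {
    "alice@contoso.example": {"Exchange"},
    "bob@contoso.example": {"Exchange", "SharePoint"},
    "carol@contoso.example": {"Exchange", "SharePoint", "OneDrive"},
}


def cross_source_bursts(records, usual_sources, window_seconds=60, min_sources=3):
    """Return {user: alert} for accounts whose retrievals cover at least
    `min_sources` distinct sources inside any `window_seconds` window, where
    at least one of those sources is outside the account's usual set."""
    window = timedelta(seconds=window_seconds)
    by_user = defaultdict(list)
    for r in records:
        by_user[r["UserId"]].append((datetime.fromisoformat(r["CreationTime"]), r["Source"]))

    alerts = {}
    for user, events in by_user.items():
        events.sort()  # chronological order for the sliding window
        for i, (start, _) in enumerate(events):
            seen = {}  # source -> first time it appeared in this window
            end = start
            for t, src in events[i:]:
                if t - start > window:
                    break
                seen.setdefault(src, t)
                end = t
            if len(seen) < min_sources:
                continue
            novel = set(seen) - usual_sources.get(user, set())
            if not novel:
                continue  # wide access, but normal for this account
            alerts[user] = {
                "start": start.isoformat(),
                "end": end.isoformat(),
                "sources": sorted(seen),
                "unusual_sources": sorted(novel),
            }
            break  # one alert per user is enough for triage
    return alerts


def run_sample():
    """Run the rule over the constructed records."""
    return cross_source_bursts(SAMPLE_RECORDS, USUAL_SOURCES)


if __name__ == "__main__":
    for user, alert in run_sample().items():
        print(f"ALERT {user}: {alert['sources']} between {alert['start']} and {alert['end']} "
              f"(unusual: {alert['unusual_sources']})")
```

Only alice is reported: her three-source burst lands inside one minute and two of the sources are not in her baseline. Bob touches the same sources but hours apart, and carol's burst matches her normal usage, so neither is raised. Tune `window_seconds` and `min_sources` against your own tenant's noise before wiring this into a SIEM rule.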

Until a full patch is confirmed, consider temporarily restricting Copilot Enterprise access for your highest-value accounts — the marginal productivity loss is acceptable; the exposure from a successful SearchLeak hit is not.

Sources
  1. New attack turned Microsoft 365 Copilot into 1-click data theft tool

Synthesized by Claude · sanity-checked before publish.
